CVE-2015-3143
curl - security update
EPSS 4.7%
Description
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
How to fix CVE-2015-3143
To remediate CVE-2015-3143, upgrade the affected package to one of the fixed versions listed below.
- Debian/curl—upgrade to 7.42.0-1 or later
- Debian/curl—upgrade to 7.21.0-2.1+squeeze12 or later
- Debian/curl—upgrade to 7.26.0-1+wheezy13 or later
Is CVE-2015-3143 being exploited?
Low — EPSS is 4.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 7.42.0-1
- from 0, < 7.21.0-2.1+squeeze12
- from 0, < 7.26.0-1+wheezy13